Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Easy VPN on ASA

Dear all,

I configured easy VPN on my ASA, but, when i type the following command, it gives  me this error as shown:

SA-Gate(config)# crypto ipsec transform-set myset esp-3des esp-md5-hmac
The 3DES/AES algorithms require a VPN-3DES-AES activation key.
ASA-Gate(config)# crypto dynamic-map dmap 100 set transform-set myset
ERROR: transform set with tag "myset" does not exist.

So, this issue concerning Licensed features on ASA and if so, what is all required to complete the easy VPN configuration.

N.B.: sh version of ASA is attached.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Easy VPN on ASA

Hi Ahmed,

Hope you are doing fine!

Actually your activation key (license) only allows you use DES encryption level (not 3DES or AES).

So when configuring the transform set. You have to set ecryption as DES:

"crypto ipsec transform-set myset esp-des esp-md5-hmac"


Otherwise, you ned a license upgrade to enable 3DES/AES. Check this link:

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/DESlic.html

Hope this helps you.

Cheers,

Pedro

3 REPLIES
Cisco Employee

Re: Easy VPN on ASA

Hi Ahmed,

Hope you are doing fine!

Actually your activation key (license) only allows you use DES encryption level (not 3DES or AES).

So when configuring the transform set. You have to set ecryption as DES:

"crypto ipsec transform-set myset esp-des esp-md5-hmac"


Otherwise, you ned a license upgrade to enable 3DES/AES. Check this link:

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/DESlic.html

Hope this helps you.

Cheers,

Pedro

New Member

Re: Easy VPN on ASA

Thx a lot for your suggestion, and it is

worked well with me.

But, if you please, what is the exact difference bet. 3DES & DES.

Cisco Employee

Re: Easy VPN on ASA

Hi Ahmed,

The difference between them is the level of strength of the encryption algorythm. 3DES uses 3 encryption keys (created by the algorythm) while DES uses only one. In practical terms, 3DES has a 3 times longer key to encrypt data than DES, what makes 3DES a stronger method.

Cheers,

Pedro

5729
Views
0
Helpful
3
Replies